package com.zimug.jwtserver.controller;

import com.zimug.jwtserver.config.exception.AjaxResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

/**
 * 1.现在数据库添加授权数据
 * 2.获取授权token和csrf-token
 * 3.请求时header带上token和cookie里面的csrf-token
 * 4.每一次授权请求后csrf-token都会更新，并回写回cookie，所以下次请求必须拿到上次请求返回的csrf-token才能请求成功
 */
@Slf4j
@RestController
public class HelloController {
    //csrf防跨站攻击不放get请求，为了安全考虑不适用get
    //每一次授权请求后csrf-token都会更新，并回写回cookie，所以下次请求必须拿到上次请求返回的csrf-token才能请求成功
    @RequestMapping(value = "/hello",method = RequestMethod.POST)
    public AjaxResponse hello() {
        return AjaxResponse.success("world");
    }
    @RequestMapping(value = "/callme",method = RequestMethod.POST)
    public AjaxResponse callme() {
        return AjaxResponse.success("hahah");
    }

}
